VMware Cloud Community
tobox
Enthusiast
Enthusiast
Jump to solution

Reload new ssl certificate without reboot

I use let's encrypt ssl certificates on ESXi 6.5 (ESXi-6.5.0-20170702001-standard) and it has been working well. Every few weeks when the certificates expire I just copied the new certificates to /etc/vmware/ssl/rui.{crt,key} and ran

/sbin/services.sh restart

That reloaded the certificates and everything was OK.

Not I have updated to ESXi-6.5.0-20171204001-standard (Build 7388607) and I cannot get ESXi to reload the certificates. Any ideas what is going wrong? How can I reload the certificates without rebooting the whole machine?

[root@vmwsrv1:~] services.sh restart &tail -f /var/log/jumpstart-stdout.log

2018-01-22T10:43:30.955Z| executing start plugin: lacp

2018-01-22T10:43:31.158Z| executing start plugin: memscrubd

2018-01-22T10:43:31.359Z| executing start plugin: smartd

2018-01-22T10:43:31.562Z| executing start plugin: vpxa

2018-01-22T10:43:31.765Z| executing start plugin: sfcbd-watchdog

2018-01-22T10:43:32.976Z| executing start plugin: wsman

2018-01-22T10:43:33.583Z| executing start plugin: snmpd

2018-01-22T10:43:33.986Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1

2018-01-22T10:43:33.986Z| executing start plugin: xorg

2018-01-22T10:43:34.391Z| executing start plugin: vmtoolsd

2018-01-23T14:39:01.265Z| executing stop for daemon xorg.

2018-01-23T14:39:01.468Z| Jumpstart failed to stop: xorg reason: Execution of command: /etc/init.d/xorg stop failed with status: 3

2018-01-23T14:39:01.468Z| executing stop for daemon vmsyslogd.

2018-01-23T14:39:01.671Z| Jumpstart failed to stop: vmsyslogd reason: Execution of command: /etc/init.d/vmsyslogd stop failed with status: 1

2018-01-23T14:39:01.671Z| executing stop for daemon vmtoolsd.

2018-01-23T14:39:01.872Z| Jumpstart failed to stop: vmtoolsd reason: Execution of command: /etc/init.d/vmtoolsd stop failed with status: 1

2018-01-23T14:39:01.872Z| executing stop for daemon wsman.

2018-01-23T14:39:02.478Z| executing stop for daemon snmpd.

2018-01-23T14:39:02.884Z| executing stop for daemon sfcbd-watchdog.

2018-01-23T14:39:06.517Z| executing stop for daemon vpxa.

2018-01-23T14:39:06.718Z| executing stop for daemon vobd.

2018-01-23T14:39:06.921Z| executing stop for daemon dcbd.

2018-01-23T14:39:07.124Z| executing stop for daemon cdp.

2018-01-23T14:39:07.325Z| executing stop for daemon nscd.

2018-01-23T14:39:07.528Z| executing stop for daemon lacp.

2018-01-23T14:39:07.731Z| executing stop for daemon memscrubd.

2018-01-23T14:39:07.934Z| Jumpstart failed to stop: memscrubd reason: Execution of command: /etc/init.d/memscrubd stop failed with status: 3

2018-01-23T14:39:07.934Z| executing stop for daemon smartd.

2018-01-23T14:39:08.136Z| executing stop for daemon slpd.

2018-01-23T14:39:08.337Z| executing stop for daemon sdrsInjector.

2018-01-23T14:39:08.540Z| executing stop for daemon storageRM.

2018-01-23T14:39:08.743Z| executing stop for daemon vvold.

2018-01-23T14:39:08.945Z| Jumpstart failed to stop: vvold reason: Execution of command: /etc/init.d/vvold stop failed with status: 3

2018-01-23T14:39:08.945Z| executing stop for daemon hostdCgiServer.

2018-01-23T14:39:09.149Z| executing stop for daemon sensord.

2018-01-23T14:39:09.352Z| executing stop for daemon lbtd.

2018-01-23T14:39:09.554Z| executing stop for daemon hostd.

2018-01-23T14:39:09.755Z| executing stop for daemon rhttpproxy.

2018-01-23T14:39:09.958Z| executing stop for daemon nfcd.

2018-01-23T14:39:10.161Z| executing stop for daemon vmfstraced.

2018-01-23T14:39:10.564Z| executing stop for daemon rabbitmqproxy.                                                                                                         

2018-01-23T14:39:10.767Z| executing stop for daemon esxui.

2018-01-23T14:39:10.970Z| executing stop for daemon usbarbitrator.

2018-01-23T14:39:11.173Z| executing stop for daemon iofilterd-spm.                                                                                                         

2018-01-23T14:39:11.376Z| executing stop for daemon swapobjd.                                                                                                              

2018-01-23T14:39:11.781Z| executing stop for daemon iofilterd-vmwarevmcrypt.                                                                                               

2018-01-23T14:39:11.985Z| executing stop for daemon SSH.                                                                                                                   

2018-01-23T14:39:12.188Z| executing stop for daemon DCUI.                                                                                                                  

Errors:                                                                                                                                                                    

Invalid operation requested: This ruleset is required and connot be disabled                                                                                               

2018-01-23T14:39:12.391Z| executing stop for daemon ntpd.                                                                                                                  

2018-01-23T14:39:14.549Z| executing start plugin: SSH                                                                                                                      

2018-01-23T14:39:14.752Z| executing start plugin: DCUI                                                                                                                     

2018-01-23T14:39:14.955Z| executing start plugin: ntpd                                                                                                                     

2018-01-23T14:39:15.358Z| executing start plugin: esxui                                                                                                                    

2018-01-23T14:39:15.965Z| executing start plugin: usbarbitrator                                                                                                            

2018-01-23T14:39:16.774Z| executing start plugin: iofilterd-spm                                                                                                            

2018-01-23T14:39:17.177Z| executing start plugin: swapobjd                                                                                                                 

2018-01-23T14:39:17.580Z| executing start plugin: iofilterd-vmwarevmcrypt                                                                                                  

2018-01-23T14:39:17.985Z| executing start plugin: sdrsInjector

2018-01-23T14:39:18.188Z| executing start plugin: storageRM

2018-01-23T14:39:18.392Z| executing start plugin: vvold

2018-01-23T14:39:20.204Z| executing start plugin: hostdCgiServer

2018-01-23T14:39:20.407Z| executing start plugin: sensord

2018-01-23T14:39:20.813Z| executing start plugin: lbtd

2018-01-23T14:39:21.017Z| executing start plugin: hostd

2018-01-23T14:39:21.824Z| executing start plugin: rhttpproxy

2018-01-23T14:39:22.228Z| executing start plugin: nfcd

2018-01-23T14:39:22.429Z| executing start plugin: vmfstraced

2018-01-23T14:39:22.632Z| executing start plugin: rabbitmqproxy

2018-01-23T14:39:23.438Z| executing start plugin: slpd

2018-01-23T14:39:23.639Z| executing start plugin: dcbd

2018-01-23T14:39:23.842Z| executing start plugin: cdp

2018-01-23T14:39:24.045Z| executing start plugin: nscd

2018-01-23T14:39:24.246Z| executing start plugin: lacp

2018-01-23T14:39:24.448Z| executing start plugin: memscrubd

2018-01-23T14:39:24.651Z| executing start plugin: smartd

2018-01-23T14:39:24.854Z| executing start plugin: vpxa

2018-01-23T14:39:25.058Z| executing start plugin: sfcbd-watchdog

2018-01-23T14:39:26.267Z| executing start plugin: wsman

2018-01-23T14:39:26.872Z| executing start plugin: snmpd

2018-01-23T14:39:27.276Z| Jumpstart failed to start: snmpd reason: Execution of command: /etc/init.d/snmpd start failed with status: 1

2018-01-23T14:39:27.276Z| executing start plugin: xorg

2018-01-23T14:39:27.680Z| executing start plugin: vmtoolsd

Reply
0 Kudos
1 Solution

Accepted Solutions
msripada
Virtuoso
Virtuoso
Jump to solution

You need to put the new certificates on the ESXi 6.5 and restart management agents -> not required to start services.sh

Once the management agents are restarted, pls connect to the ESXi host via browser and identify which certificate it is pulling now..

Thanks,

MS

View solution in original post

2 Replies
msripada
Virtuoso
Virtuoso
Jump to solution

You need to put the new certificates on the ESXi 6.5 and restart management agents -> not required to start services.sh

Once the management agents are restarted, pls connect to the ESXi host via browser and identify which certificate it is pulling now..

Thanks,

MS

tobox
Enthusiast
Enthusiast
Jump to solution

I once again checked all possibilities of reloading the certificates - still not working.

Rebooted the server - certificate is still old.

Found the error on my side: the script that copied the certificate to ESXi followed the wrong symlink and uploaded an old certificate.

Sorry for the noise, that was completely my fault.

Thanks for your help!

Reply
0 Kudos